Hi Tom,
Oh wow. I think you might have nailed it!
I posted spamfilter.sh last night to http://pasted.co/7b794ccd
The file in there (SALOG) looks like the culprit. It's 86 Mb and
starts with:
Sat Oct 15 13:01:30 2016 [2753] info: logger: removing stderr method
Sat Oct 15 13:01:31 2016 [2756] info: zoom: able to use 346/346 'body_0'
compiled rules (100%)
Sat Oct 15 13:01:32 2016 [2756] info: spamd: server started on IO::Socket::IP
[::1]:783, IO::Socket::IP [127.0.0.1]:783 (running version 3.4.1)
Sat Oct 15 13:01:32 2016 [2756] info: spamd: server pid: 2756
Sat Oct 15 13:01:32 2016 [2756] info: spamd: server successfully spawned child
process, pid 2758
Which matches the lines I caught in the original log snippet.
So it is re-dumping a load of old messages back into the mail.log file, but now
I know where all that data is coming from :-) What's the best course of action?
If I delete/truncate that file, it will just grow back like a weed.
Dave Wreski suggested that I comment out the first and last logging from the
spamfilter.sh script.
I think I need to do that and then also add that file to the daily logrotate
list to prevent it growing continuously.
Does this make sense to everyone?
Thank you all! I'm so grateful for your time, expertise and effort on
this.
Kind regards.
Jim.
On 05/04/17 08:32, Tom Hendrikx wrote:
Hi,
The thing that immediately caught my eye was the fact that in a line
such as:
Apr 2 10:31:26 oss2 spamfilter: Sat Oct 15 15:20:22 2016 [2758] info:
spamd: connection from ip6-localhost [::1]:55708 to port 783, fd 5
There are 2 timestamps, far away from each other. After some pondering,
my guess is that spamfilter.sh is writing away log lines to a temporary
file for each delivery, and them spewing them again when handling is
complete. But there is a bug where spamfilter.sh does not cleanup after
itself, and new lines are appended to the existing temporary file, and
then the complete contents of the file are sent to syslog. Thus for each
single delivery the logging for all messages in the past half year (Oct
15 -> Apr x) is sent to syslog.
Please post the full contents of the spamfilter.sh, and examine the
contents of any temporary files that is it using.
Kind regards,
Tom
On 04-04-17 23:09, Jim McLachlan wrote:
Hi,
I have a problem with the huge amount of messages being logged by
spamassassin. I have around 10 active e-mail users on the system, none
of whom have any unusual e-mail usage. This is what I've seen in the
last 2 hours:
$ date
Mon 3 Apr 08:00:50 UTC 2017
$ ls -l /var/log/mail.log
-rw-r----- 1 syslog adm 86370829860 Apr 3 08:00 /var/log/mail.log
-rw-r----- 1 syslog adm 331608479025 Apr 2 09:20 /var/log/mail.log.1
$ spamassassin --version
SpamAssassin version 3.4.1
running on Perl version 5.22.1
My set up consists of Postfix, Postgrey, Spamassassin, Clam-AV,
Amavis-new and Dovecot.
When I send an e-mail through the system, it immediately starts
churning out a long list of log messages that implies it's checking
messages from last October (when I set up the server). It goes through
thousands of messages like this and then settles down again until
another e-mail is processed.
My initial e-mail with attachment didn't work, so an excerpt from
the log file can be found here:
http://pasted.co/5e546e7a
Can someone please explain to me why it's repeating all this work
and all these messages for every e-mail that gets processed and what I
can do to fix this. I reduced the problem slightly yesterday by
preventing all these messages getting logged to syslog at the same time.
Kind regards.
Jim.
--
James R. McLachlan PGDCCI(Open)
Managing Director
Objective Software Services Ltd.
Web : http://www.oss-ltd.com
Tel : +44 (0)1397 708550
Mob : +44 (0)7971 232717
Fax : +44 (0)7970 117580
e-mail: j...@oss-ltd.com
Objective Software Services Ltd. is a company registered in England and Wales
with company number 2892148.
Registered office: 11 Percy Terrace, Tunbridge Wells, Kent, TN4 9RH
